Oh hurrah. Jerry “The Thunderer” Fishenden is a free man. His NTOUK blog no longer refers to Microsoft UK’s national technical officer, but to Jerry’s own New Technological Observations from UK perspective.

UK Identity Card 1.0 is in deep trouble. It’s running late, and if the Conservative Party wins next year’s election it’ll be scrapped. Its original architect has changed his mind, and even some Cabinet members are starting to see it as a needless expense. But if we pull the plug, what then?

The cards may go away, but the issue won’t. Problems associated with identity, privacy and security will remain burning issues facing both the technology industry and wider society. But the irony is that the UK is well placed to develop a model identity framework for the 21st Century. Unlike many other countries, we don’t have the problems of any existing, legacy national identity scheme to encumber us. We have a clean slate. We could have got this right and shown the art of the possible.

Read the whole thing.

Jerry is a former public-service IT director, former officer of da House, well connected politically and brainier and more creative than most people you come across in a lifetime. He’s always been pretty to the point. Now the constraints of corporate-speak are cast aside I’m looking forward to many more instalments.

This first issue he hits is right on the money. His former employer (along with BT and very few others) have consistently talked sense on it. The axis of Home Office-Intellect is locking down big contracts for bad systems destined for technical, social and political failure. But the answers have long been there, if only people were to ask the right questions.

So let’s hit Control-Alt-Delete on the current system and get that reboot started.

Great start Jerry – thanks.

5 Responses to “Jerry Fishenden on how we “force quit” the Benighted ID Scheme”

… the current identity plan, which seems to be rooted in a 1960s view of computing, with everyone’s personal information stored in some monolithic central system and proposed identity cards that seem to be little more than plastic copies of the cardboard identity documents the UK population was forced to use during the second world war.

The Identity Cards Act is based on a certain idea of what ID cards should look like. The idea is that ID cards have to include your name and a photograph of you printed on a credit card-sized rectangle of plastic. This idea is copied from what other countries happen to do and from the cards many people use to get into their office buildings, for example. That’s just what an ID card looks like. You don’t have to think about it.

It is the contention of this proposal that if you do take the trouble to think about it, then you realise that ID cards do not have to look like that. There are certain objectives for ID cards. The same objectives and more can be achieved and have been achieved by mobile phones. Technology has moved on since the cardboard ID cards and ration books of the Second World War. Our idea of what an ID card is can move with it.

… some of the other documents and cards we typically have in our wallets or purses aren’t exactly model examples either. Take a typical bank card. Right there on its front it proudly displays your name, your bank account number and your bank sorting code. And on the back? Ah, your signature and the so-called ‘security code’ (printed for all to see). On the back too is a magnetic stripe that makes it easy to copy much of this data automatically. Other cards and documents are little better.

Digital certificates are not material. That is what gives dematerialised ID its name. Dematerialised ID is all about issuing digital certificates instead of material ones or, at least, in addition to material ones.

There is a successful precedent. Compare dematerialisation in the UK securities industry. We no longer have material share certificates, in the main. We still manage to invest in shares.

A conventional birth certificate, for example, is material. You could be issued with a digital certificate in addition to the material one, a dematerialised equivalent. Another example, the conventional credit card you carry around is material. You could just as well carry it around as a digital certificate stored on your mobile phone.

In general, under dematerialised ID, any supplier, who currently issues any material voucher, which entitles the bearer, to any benefit, could, instead, issue a digital certificate, to be stored on the bearer’s mobile phone.

In the work of leading identity, security and privacy thinkers such as Stefan Brands and Kim Cameron,* it is possible to see the art of the possible (Cameron’s laws of identity can be found here). Stefan’s work on minimal disclosure, for example, makes it possible to prove information about ourselves (“I am over 18”, “I am over 65”, “I am a UK citizen”, etc) without disclosing any personal information, such as our full name, place and date of birth, age or address. Neither would the technology leave an audit trail …

Dematerialised ID:

190. Although it is not acknowledged in their report, the LSE’s alternative to the government’s ID card scheme, with its use of digital credentials and unconditional anonymity, owes a debt to one of these alternative PKIs, specifically the scheme devised by David Chaum in the 1980s. His insight was that you do not need to reveal your entire identity for most transactions, you simply need to demonstrate that you have the credentials required for the given transaction, you can remain otherwise unconditionally anonymous.

191. His scheme was investigated by the EC during the development of OSCIE. They were sympathetic but had to reject it for lack of software to implement Chaum’s ideas. There is a more endemic problem – Chaum certificates have to be short-dated and repeatedly renewed. If these problems have been resolved – frequent renewal and the lack of software – then Chaum’s ideas could be implemented, and they could be better implemented on mobile phones than on separate smart cards. Dematerialised ID does not exclude Chaum.

Now is a good time to be thinking about what such an identity framework might look like. If the current Act is repealed, we need an alternative, sensible set of ideas waiting in the wings. An alternative that is designed to strengthen our privacy and security, not undermine it. One that places us, as citizens, at the centre and in control – not at the centre under permanent and routine surveillance. And one that empowers us with additional safeguards and protections well beyond those that the current conman-friendly plastic cards in our wallets and purses provide.

What we want and need and deserve and pay for is a government which behaves rationally, which takes evidence into account, which argues logically and which obtains good value for our money. It is when those wants, needs and interests are, untypically, not forthcoming that the political environment is polluted. That is what is meant by the references above to civil liberties and climate change.

Dematerialised ID is offered for consideration as an evidence-based and logical alternative to the government’s scheme, a return to the natural order, ecologically sound in terms of its politics.

I agree with you, William, and with Jerry Fishenden, and I have done since 2003.

I agree, except for one thing. I no longer believe that the government have anything to contribute to the “identity framework”, as Mr Fishenden calls it.

The government have to learn, says Mr Fishenden. Quite right. But we have to learn, too.

And to me, the sad lesson is that the politicians and the Home Office have consistently shown themselves to be ignorant, uninterested, credulous, mendacious and malign. Their rôle has to shrink. Ideally. And society’s has to grow.

Let's say what we want from e-government

Let's observe government first-hand

Let's say Wouldn't It Be Better If: WIBBI

Become an ethnographer of bureaucracy today! It beats just getting frustrated with public services.